Firewall Rule from a server to computers in the internet.

all, trying create firewall rule allow authenticated traffic on port 1688 (kms) computers not in our enterprise , behind nat network.

the rule works in enterprise no problem. when put same computer behind nat network rule not work. have esp protocol 50 allowed on kms server , udp ports 500 , 4500 well.

what trying achieve have computers outside our network connect our kms server. not have vpn , want control computers can connect kms server. missing? authentication on esp inbound ports need open on client?

thanks in advance

charlie

it looks issue has been resolved. problem because authenticating traffic , not encrypting using ah instead of esp. ah not work in nat. once chose encrypt traffic problem resolved. still need test data integrity on esp should work.

charlie

Windows Server  >  Platform Networking